September 23Organizational meeting

Organizational meeting: Sign up to give a talk!

September 30Keith

October 7Zero-knowledge sets and related constructions

Speaker: Mike

Abstract: We begin with an abstraction of a secure DNS system.
A dealer has a finite map M from strings to strings. He wishes to
set up an agent (a secure DNS server) which can sign statements of
the form "M(x) = y" or "M(z) is undefined".

We would like two security properties:

The agent cannot lie.

An adversary who interacts with the agent cannot learn
anything about M except at the points he queries.

We explore three solutions to this problem:

Zero-knowledge sets using mercurial commitments

Hierarchical identity-based signatures

Cospatial signatures

Joint work with: Dan Boneh

October 11Party at John's house

October 14Gemalto round-table discussion

Abstract:
Representatives from Gemalto will be visiting for
a round-table discussion of security research.
Topics include:

Other than one another, with whom do security professors
collaborate?

Where do profs and students find inspiration?

What do profs and students find exciting about research,
and what would they like to research next?

What's the future of security?

October 21Understanding CAPTCHA security

Speaker: Elie Bursztein

Abstract:
CAPTCHAs are used to tell real users apart from bots. They
currently our first, last and only line of defense against
automatic action on the web. Over the last few years, building
CAPTCHA schemes and breaking them has become part of the
security field; however we still have a limited understanding of
the CAPTCHA security model. Our overall goal is to be able to
design a security metric that will allow us to understand what
assets a given CAPTCHA scheme can protect. The key questions
that we need to answer to reach this goal are:

What is hard for human?

What is hard for computer?

How can we compute the attack cost for a given scheme?

Can we design CAPTCHA scheme that are economically more efficient?

In this talk I will present our plan to answer these questions
and what we have so far. In particular I will present on the
defensive side what I think can be used as a security metrics
based on our experience in breaking CAPTCHAs. On the offensive
side, I will present how we used machine learning techniques to
break eBay's audio CAPTCHAs (WOOT 09), and if I am done by then,
how we used them to break a famous visual CAPTCHA.

October 28DNSSEC

Speaker: Jason

Abstract: Domain Name System Security Extensions (DNSSEC) with
Hashed Authenticated Denial of Existence (NSEC3) is a protocol
slated for adoption by important parts of the DNS hierarchy,
including the root zone, as a solution to DNS security
vulnerabilities such as “cache-poisoning” attacks. We study the
security goals and operations of DNSSEC/NSEC3 to analyze its
security guarantees and shortcomings. In addition to limitations
stated in the DNSSEC RFCs, such as the insecure "last-hop"
channel, by checking DNSSEC/NSEC3 security properties using a
finite-state enumeration tool, we uncover several more
weaknesses in the DNSSEC protocol, including incorrect temporal
dependencies in the DNSSEC signature attestation chain and NSEC3
options that allow a forged name to be inserted into a DNSSEC
domain. We then demonstrate the exploitability of the NSEC3
vulnerability by using it to carry out a browser cookie-stealing
attack on a laboratory DNSSEC domain.

On the plus side, we were able to demonstrate that a signed
address (A) resource record with a full signature chain to a
trust anchor cannot be spoofed by modeled network attackers
short of signature compromise. To conclude, we state the
implementation and configuration requirements which minimize the
exploitability of the DNSSEC system.

November 4Hristo

Abstract: Hristo will talk about his on-going work on adding
address space layout randomization (ASLR) to the Google Android
platform. The talk will cover the motivation, constraints, and
current approach to solving the problem, as well as a
perspective on Android platform work gained from mostly reading
the code.

Joint work with: Dan Boneh and
the Android team

November 11Protocol Composition Logic

Speaker: Stephan

Abstract:
I present a thoroughly revamped version of Protocol Composition
Logic (PCL). PCL is formalized in the framework of universal
order-sorted algebra, that is, universal algebra with
subtyping. With respect to the previous version of PCL, many bugs,
underspecification issues, and redundancies were fixed. In
addition, PCL now has an unambiguous semantics that would in
principle allow someone to implement it and feed it to a theorem
prover. My GenMsg (generable messages) and DolevYao (Dolev-Yao
closure) definitions are inspired by Paulson's analz and synth
operators. Finally, my presentation is meant to be an
easy-to-understand introduction to the formalism of the new PCL.

November 18Object Capabilities and Mashups

Speaker: Ankur

Abstract: When a web site combines active content
(applications) from untrusted sources, it is important to
protect each untrusted application from the others. The
object-capability model provides an appealing approach: if
separate applications are provided disjoint capabilities, a
sound object-capability framework will prevent untrusted
applications from interfering with each other. However, in
developing language-based foundations for isolation proofs based
on object-capabilities, we identify a more general notion of
authority safety that also implies resource isolation. After
proving that capability safety implies authority safety, we
consider three example languages and show the applicability of
our framework. Perhaps surprisingly, although we prove that one
JavaScript subset based on Google Caja is capability safe, a
more expressive subset of JavaScript is actually authority safe
and therefore suitable for isolating untrusted applications.